# frozen_string_literal: true

require 'spec_helper'

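# Access-control matrix for a private project: each group below requests one
# project route and asserts, role by role, whether the request is allowed or
# denied. Roles chained with `.of(project)` are membership roles on this
# project; :admin, :user, :external and :visitor are checked without it.
# NOTE(review): presumably :user is a signed-in non-member and :visitor is an
# unauthenticated request -- confirm against AccessMatchers.
#
# The matrix is kept explicit (one `it` per role per route) so that a change in
# who may reach a route shows up as a one-line diff.
describe "Private Project Access" do
  include AccessMatchers

  # The project starts with public_builds: false; the "public builds" contexts
  # further down flip that flag.
  # NOTE(review): `set` presumably creates the record once for the whole group,
  # so those contexts depend on their changes being rolled back after each
  # example -- confirm, otherwise one example's visibility setting can leak
  # into the next and mask a denial that should have failed.
  set(:project) { create(:project, :private, :repository, public_builds: false) }

  before do
    stub_feature_flags(job_log_json: false)
  end

  # Sanity check: the matrix below is only meaningful if the fixture really is
  # private.
  describe "Project should be private" do
    describe '#private?' do
      subject { project.private? }

      it { is_expected.to be_truthy }
    end
  end

  describe "GET /:project_path" do
    subject { project_path(project) }

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(project) }
    it { is_expected.to be_allowed_for(:maintainer).of(project) }
    it { is_expected.to be_allowed_for(:developer).of(project) }
    it { is_expected.to be_allowed_for(:reporter).of(project) }
    it { is_expected.to be_allowed_for(:guest).of(project) }
    it { is_expected.to be_denied_for(:user) }
    it { is_expected.to be_denied_for(:external) }
    it { is_expected.to be_denied_for(:visitor) }
  end

  # Repository content: reporter and above only; guests are denied.
  describe "GET /:project_path/tree/master" do
    subject { project_tree_path(project, project.repository.root_ref) }

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(project) }
    it { is_expected.to be_allowed_for(:maintainer).of(project) }
    it { is_expected.to be_allowed_for(:developer).of(project) }
    it { is_expected.to be_allowed_for(:reporter).of(project) }
    it { is_expected.to be_denied_for(:guest).of(project) }
    it { is_expected.to be_denied_for(:user) }
    it { is_expected.to be_denied_for(:external) }
    it { is_expected.to be_denied_for(:visitor) }
  end

  describe "GET /:project_path/commits/master" do
    subject { project_commits_path(project, project.repository.root_ref, limit: 1) }

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(project) }
    it { is_expected.to be_allowed_for(:maintainer).of(project) }
    it { is_expected.to be_allowed_for(:developer).of(project) }
    it { is_expected.to be_allowed_for(:reporter).of(project) }
    it { is_expected.to be_denied_for(:guest).of(project) }
    it { is_expected.to be_denied_for(:user) }
    it { is_expected.to be_denied_for(:external) }
    it { is_expected.to be_denied_for(:visitor) }
  end

  describe "GET /:project_path/commit/:sha" do
    subject { project_commit_path(project, project.repository.commit) }

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(project) }
    it { is_expected.to be_allowed_for(:maintainer).of(project) }
    it { is_expected.to be_allowed_for(:developer).of(project) }
    it { is_expected.to be_allowed_for(:reporter).of(project) }
    it { is_expected.to be_denied_for(:guest).of(project) }
    it { is_expected.to be_denied_for(:user) }
    it { is_expected.to be_denied_for(:external) }
    it { is_expected.to be_denied_for(:visitor) }
  end

  describe "GET /:project_path/compare" do
    subject { project_compare_index_path(project) }

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(project) }
    it { is_expected.to be_allowed_for(:maintainer).of(project) }
    it { is_expected.to be_allowed_for(:developer).of(project) }
    it { is_expected.to be_allowed_for(:reporter).of(project) }
    it { is_expected.to be_denied_for(:guest).of(project) }
    it { is_expected.to be_denied_for(:user) }
    it { is_expected.to be_denied_for(:external) }
    it { is_expected.to be_denied_for(:visitor) }
  end

  # Unlike the other settings pages in this file (maintainer and above), the
  # members page is expected to be reachable by every project member,
  # including guests.
  describe "GET /:project_path/-/settings/members" do
    subject { project_settings_members_path(project) }

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(project) }
    it { is_expected.to be_allowed_for(:maintainer).of(project) }
    it { is_expected.to be_allowed_for(:developer).of(project) }
    it { is_expected.to be_allowed_for(:reporter).of(project) }
    it { is_expected.to be_allowed_for(:guest).of(project) }
    it { is_expected.to be_denied_for(:user) }
    it { is_expected.to be_denied_for(:visitor) }
    it { is_expected.to be_denied_for(:external) }
  end

  describe "GET /:project_path/-/settings/ci_cd" do
    subject { project_settings_ci_cd_path(project) }

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(project) }
    it { is_expected.to be_allowed_for(:maintainer).of(project) }
    it { is_expected.to be_denied_for(:developer).of(project) }
    it { is_expected.to be_denied_for(:reporter).of(project) }
    it { is_expected.to be_denied_for(:guest).of(project) }
    it { is_expected.to be_denied_for(:user) }
    it { is_expected.to be_denied_for(:visitor) }
    it { is_expected.to be_denied_for(:external) }
  end

  describe "GET /:project_path/-/settings/repository" do
    subject { project_settings_repository_path(project) }

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(project) }
    it { is_expected.to be_allowed_for(:maintainer).of(project) }
    it { is_expected.to be_denied_for(:developer).of(project) }
    it { is_expected.to be_denied_for(:reporter).of(project) }
    it { is_expected.to be_denied_for(:guest).of(project) }
    it { is_expected.to be_denied_for(:user) }
    it { is_expected.to be_denied_for(:external) }
    it { is_expected.to be_denied_for(:visitor) }
  end

  describe "GET /:project_path/blob" do
    let(:commit) { project.repository.commit }

    # The blob is addressed as "<commit id>/.gitignore".
    subject { project_blob_path(project, File.join(commit.id, '.gitignore')) }

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(project) }
    it { is_expected.to be_allowed_for(:maintainer).of(project) }
    it { is_expected.to be_allowed_for(:developer).of(project) }
    it { is_expected.to be_allowed_for(:reporter).of(project) }
    it { is_expected.to be_denied_for(:guest).of(project) }
    it { is_expected.to be_denied_for(:user) }
    it { is_expected.to be_denied_for(:external) }
    it { is_expected.to be_denied_for(:visitor) }
  end

  describe "GET /:project_path/edit" do
    subject { edit_project_path(project) }

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(project) }
    it { is_expected.to be_allowed_for(:maintainer).of(project) }
    it { is_expected.to be_denied_for(:developer).of(project) }
    it { is_expected.to be_denied_for(:reporter).of(project) }
    it { is_expected.to be_denied_for(:guest).of(project) }
    it { is_expected.to be_denied_for(:user) }
    it { is_expected.to be_denied_for(:external) }
    it { is_expected.to be_denied_for(:visitor) }
  end

  describe "GET /:project_path/deploy_keys" do
    subject { project_deploy_keys_path(project) }

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(project) }
    it { is_expected.to be_allowed_for(:maintainer).of(project) }
    it { is_expected.to be_denied_for(:developer).of(project) }
    it { is_expected.to be_denied_for(:reporter).of(project) }
    it { is_expected.to be_denied_for(:guest).of(project) }
    it { is_expected.to be_denied_for(:user) }
    it { is_expected.to be_denied_for(:external) }
    it { is_expected.to be_denied_for(:visitor) }
  end

  describe "GET /:project_path/issues" do
    subject { project_issues_path(project) }

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(project) }
    it { is_expected.to be_allowed_for(:maintainer).of(project) }
    it { is_expected.to be_allowed_for(:developer).of(project) }
    it { is_expected.to be_allowed_for(:reporter).of(project) }
    it { is_expected.to be_allowed_for(:guest).of(project) }
    it { is_expected.to be_denied_for(:user) }
    it { is_expected.to be_denied_for(:external) }
    it { is_expected.to be_denied_for(:visitor) }
  end

  # Guests may list issues (group above) but are denied the edit form.
  describe "GET /:project_path/issues/:id/edit" do
    let(:issue) { create(:issue, project: project) }
    subject { edit_project_issue_path(project, issue) }

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(project) }
    it { is_expected.to be_allowed_for(:maintainer).of(project) }
    it { is_expected.to be_allowed_for(:developer).of(project) }
    it { is_expected.to be_allowed_for(:reporter).of(project) }
    it { is_expected.to be_denied_for(:guest).of(project) }
    it { is_expected.to be_denied_for(:user) }
    it { is_expected.to be_denied_for(:external) }
    it { is_expected.to be_denied_for(:visitor) }
  end

  describe "GET /:project_path/snippets" do
    subject { project_snippets_path(project) }

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(project) }
    it { is_expected.to be_allowed_for(:maintainer).of(project) }
    it { is_expected.to be_allowed_for(:developer).of(project) }
    it { is_expected.to be_allowed_for(:reporter).of(project) }
    it { is_expected.to be_allowed_for(:guest).of(project) }
    it { is_expected.to be_denied_for(:user) }
    it { is_expected.to be_denied_for(:external) }
    it { is_expected.to be_denied_for(:visitor) }
  end

  describe "GET /:project_path/merge_requests" do
    subject { project_merge_requests_path(project) }

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(project) }
    it { is_expected.to be_allowed_for(:maintainer).of(project) }
    it { is_expected.to be_allowed_for(:developer).of(project) }
    it { is_expected.to be_allowed_for(:reporter).of(project) }
    it { is_expected.to be_denied_for(:guest).of(project) }
    it { is_expected.to be_denied_for(:user) }
    it { is_expected.to be_denied_for(:external) }
    it { is_expected.to be_denied_for(:visitor) }
  end

  describe "GET /:project_path/branches" do
    subject { project_branches_path(project) }

    before do
      # Speed increase: the branch list itself is irrelevant to the access
      # check, so stub it out on the next Project instance.
      allow_next_instance_of(Project) do |instance|
        allow(instance).to receive(:branches).and_return([])
      end
    end

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(project) }
    it { is_expected.to be_allowed_for(:maintainer).of(project) }
    it { is_expected.to be_allowed_for(:developer).of(project) }
    it { is_expected.to be_allowed_for(:reporter).of(project) }
    it { is_expected.to be_denied_for(:guest).of(project) }
    it { is_expected.to be_denied_for(:user) }
    it { is_expected.to be_denied_for(:external) }
    it { is_expected.to be_denied_for(:visitor) }
  end

  describe "GET /:project_path/tags" do
    subject { project_tags_path(project) }

    before do
      # Speed increase: same stubbing as for branches, applied to the tag list.
      allow_next_instance_of(Project) do |instance|
        allow(instance).to receive(:tags).and_return([])
      end
    end

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(project) }
    it { is_expected.to be_allowed_for(:maintainer).of(project) }
    it { is_expected.to be_allowed_for(:developer).of(project) }
    it { is_expected.to be_allowed_for(:reporter).of(project) }
    it { is_expected.to be_denied_for(:guest).of(project) }
    it { is_expected.to be_denied_for(:user) }
    it { is_expected.to be_denied_for(:external) }
    it { is_expected.to be_denied_for(:visitor) }
  end

  describe "GET /:project_path/-/settings/integrations" do
    subject { project_settings_integrations_path(project) }

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(project) }
    it { is_expected.to be_allowed_for(:maintainer).of(project) }
    it { is_expected.to be_denied_for(:developer).of(project) }
    it { is_expected.to be_denied_for(:reporter).of(project) }
    it { is_expected.to be_denied_for(:guest).of(project) }
    it { is_expected.to be_denied_for(:user) }
    it { is_expected.to be_denied_for(:external) }
    it { is_expected.to be_denied_for(:visitor) }
  end

  # CI routes: guest access depends on the project's public_builds flag. The
  # top-level examples run with the fixture default (false); the contexts
  # exercise both settings.
  describe "GET /:project_path/pipelines" do
    subject { project_pipelines_path(project) }

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(project) }
    it { is_expected.to be_allowed_for(:maintainer).of(project) }
    it { is_expected.to be_allowed_for(:developer).of(project) }
    it { is_expected.to be_allowed_for(:reporter).of(project) }
    it { is_expected.to be_denied_for(:guest).of(project) }
    it { is_expected.to be_denied_for(:user) }
    it { is_expected.to be_denied_for(:external) }
    it { is_expected.to be_denied_for(:visitor) }

    context 'when public builds is enabled' do
      before do
        # update! raises if the record cannot be saved, so a broken setup fails
        # loudly instead of leaving the flag at its default.
        project.update!(public_builds: true)
      end

      it { is_expected.to be_allowed_for(:guest).of(project) }
    end

    context 'when public builds are disabled' do
      # No setup here: relies on the project being created with
      # public_builds: false.
      it { is_expected.to be_denied_for(:guest).of(project) }
    end
  end

  describe "GET /:project_path/pipelines/:id" do
    let(:pipeline) { create(:ci_pipeline, project: project) }
    subject { project_pipeline_path(project, pipeline) }

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(project) }
    it { is_expected.to be_allowed_for(:maintainer).of(project) }
    it { is_expected.to be_allowed_for(:developer).of(project) }
    it { is_expected.to be_allowed_for(:reporter).of(project) }
    it { is_expected.to be_denied_for(:guest).of(project) }
    it { is_expected.to be_denied_for(:user) }
    it { is_expected.to be_denied_for(:external) }
    it { is_expected.to be_denied_for(:visitor) }

    context 'when public builds is enabled' do
      before do
        project.update!(public_builds: true)
      end

      it { is_expected.to be_allowed_for(:guest).of(project) }
    end

    context 'when public builds are disabled' do
      # No setup here: relies on the project being created with
      # public_builds: false.
      it { is_expected.to be_denied_for(:guest).of(project) }
    end
  end

  # NOTE(review): the labels in the next three groups say "builds" while the
  # route helpers are the *_job(s)_path ones -- confirm the labels still match
  # the URLs being requested.
  describe "GET /:project_path/builds" do
    subject { project_jobs_path(project) }

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(project) }
    it { is_expected.to be_allowed_for(:maintainer).of(project) }
    it { is_expected.to be_allowed_for(:developer).of(project) }
    it { is_expected.to be_allowed_for(:reporter).of(project) }
    it { is_expected.to be_denied_for(:guest).of(project) }
    it { is_expected.to be_denied_for(:user) }
    it { is_expected.to be_denied_for(:external) }
    it { is_expected.to be_denied_for(:visitor) }

    context 'when public builds is enabled' do
      before do
        project.update!(public_builds: true)
      end

      it { is_expected.to be_allowed_for(:guest).of(project) }
    end

    context 'when public builds are disabled' do
      # No setup here: relies on the project being created with
      # public_builds: false.
      it { is_expected.to be_denied_for(:guest).of(project) }
    end
  end

  describe "GET /:project_path/builds/:id" do
    let(:pipeline) { create(:ci_pipeline, project: project) }
    let(:build) { create(:ci_build, pipeline: pipeline) }
    subject { project_job_path(project, build.id) }

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(project) }
    it { is_expected.to be_allowed_for(:maintainer).of(project) }
    it { is_expected.to be_allowed_for(:developer).of(project) }
    it { is_expected.to be_allowed_for(:reporter).of(project) }
    it { is_expected.to be_denied_for(:guest).of(project) }
    it { is_expected.to be_denied_for(:user) }
    it { is_expected.to be_denied_for(:external) }
    it { is_expected.to be_denied_for(:visitor) }

    context 'when public builds is enabled' do
      before do
        project.update!(public_builds: true)
      end

      it { is_expected.to be_allowed_for(:guest).of(project) }
    end

    context 'when public builds are disabled' do
      before do
        # A silent save failure here would be masked by the fixture default,
        # so use the raising variant.
        project.update!(public_builds: false)
      end

      it { is_expected.to be_denied_for(:guest).of(project) }
    end
  end

  describe 'GET /:project_path/builds/:id/trace' do
    let(:pipeline) { create(:ci_pipeline, project: project) }
    let(:build) { create(:ci_build, pipeline: pipeline) }
    subject { trace_project_job_path(project, build.id) }

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(project) }
    it { is_expected.to be_allowed_for(:maintainer).of(project) }
    it { is_expected.to be_allowed_for(:developer).of(project) }
    it { is_expected.to be_allowed_for(:reporter).of(project) }
    it { is_expected.to be_denied_for(:guest).of(project) }
    it { is_expected.to be_denied_for(:user) }
    it { is_expected.to be_denied_for(:external) }
    it { is_expected.to be_denied_for(:visitor) }

    context 'when public builds is enabled' do
      before do
        project.update!(public_builds: true)
      end

      it { is_expected.to be_allowed_for(:guest).of(project) }
    end

    context 'when public builds is disabled' do
      before do
        project.update!(public_builds: false)
      end

      it { is_expected.to be_denied_for(:guest).of(project) }
    end
  end

  describe "GET /:project_path/-/environments" do
    subject { project_environments_path(project) }

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(project) }
    it { is_expected.to be_allowed_for(:maintainer).of(project) }
    it { is_expected.to be_allowed_for(:developer).of(project) }
    it { is_expected.to be_allowed_for(:reporter).of(project) }
    it { is_expected.to be_denied_for(:guest).of(project) }
    it { is_expected.to be_denied_for(:user) }
    it { is_expected.to be_denied_for(:external) }
    it { is_expected.to be_denied_for(:visitor) }
  end

  describe "GET /:project_path/-/environments/:id" do
    let(:environment) { create(:environment, project: project) }
    subject { project_environment_path(project, environment) }

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(project) }
    it { is_expected.to be_allowed_for(:maintainer).of(project) }
    it { is_expected.to be_allowed_for(:developer).of(project) }
    it { is_expected.to be_allowed_for(:reporter).of(project) }
    it { is_expected.to be_denied_for(:guest).of(project) }
    it { is_expected.to be_denied_for(:user) }
    it { is_expected.to be_denied_for(:external) }
    it { is_expected.to be_denied_for(:visitor) }
  end

  describe "GET /:project_path/-/environments/:id/deployments" do
    let(:environment) { create(:environment, project: project) }
    subject { project_environment_deployments_path(project, environment) }

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(project) }
    it { is_expected.to be_allowed_for(:maintainer).of(project) }
    it { is_expected.to be_allowed_for(:developer).of(project) }
    it { is_expected.to be_allowed_for(:reporter).of(project) }
    it { is_expected.to be_denied_for(:guest).of(project) }
    it { is_expected.to be_denied_for(:user) }
    it { is_expected.to be_denied_for(:external) }
    it { is_expected.to be_denied_for(:visitor) }
  end

  # Creating an environment: developer and above; reporters are denied.
  describe "GET /:project_path/-/environments/new" do
    subject { new_project_environment_path(project) }

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(project) }
    it { is_expected.to be_allowed_for(:maintainer).of(project) }
    it { is_expected.to be_allowed_for(:developer).of(project) }
    it { is_expected.to be_denied_for(:reporter).of(project) }
    it { is_expected.to be_denied_for(:guest).of(project) }
    it { is_expected.to be_denied_for(:user) }
    it { is_expected.to be_denied_for(:external) }
    it { is_expected.to be_denied_for(:visitor) }
  end

  describe "GET /:project_path/pipeline_schedules" do
    subject { project_pipeline_schedules_path(project) }

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(project) }
    it { is_expected.to be_allowed_for(:maintainer).of(project) }
    it { is_expected.to be_allowed_for(:developer).of(project) }
    it { is_expected.to be_denied_for(:reporter).of(project) }
    it { is_expected.to be_denied_for(:guest).of(project) }
    it { is_expected.to be_denied_for(:user) }
    it { is_expected.to be_denied_for(:external) }
    it { is_expected.to be_denied_for(:visitor) }
  end

  describe "GET /:project_path/pipeline_schedules/new" do
    subject { new_project_pipeline_schedule_path(project) }

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(project) }
    it { is_expected.to be_allowed_for(:maintainer).of(project) }
    it { is_expected.to be_allowed_for(:developer).of(project) }
    it { is_expected.to be_denied_for(:reporter).of(project) }
    it { is_expected.to be_denied_for(:guest).of(project) }
    it { is_expected.to be_denied_for(:user) }
    it { is_expected.to be_denied_for(:external) }
    it { is_expected.to be_denied_for(:visitor) }
  end

  # NOTE(review): this group was labelled "GET /:project_path/-/environments/new"
  # but its subject is the pipeline-schedule form, so a failure would have been
  # reported against the wrong route. The label now names the route actually
  # requested. With that, the group is identical to the one directly above and
  # can be dropped; environments/new has its own group earlier in the file.
  describe "GET /:project_path/pipeline_schedules/new" do
    subject { new_project_pipeline_schedule_path(project) }

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(project) }
    it { is_expected.to be_allowed_for(:maintainer).of(project) }
    it { is_expected.to be_allowed_for(:developer).of(project) }
    it { is_expected.to be_denied_for(:reporter).of(project) }
    it { is_expected.to be_denied_for(:guest).of(project) }
    it { is_expected.to be_denied_for(:user) }
    it { is_expected.to be_denied_for(:external) }
    it { is_expected.to be_denied_for(:visitor) }
  end

  describe "GET /:project_path/container_registry" do
    let(:container_repository) { create(:container_repository) }

    before do
      # Enable the registry and give the project one repository with a single
      # stubbed tag, so the index page has something to render.
      stub_container_registry_tags(repository: :any, tags: ['latest'])
      stub_container_registry_config(enabled: true)
      project.container_repositories << container_repository
    end

    subject { project_container_registry_index_path(project) }

    it { is_expected.to be_allowed_for(:admin) }
    it { is_expected.to be_allowed_for(:owner).of(project) }
    it { is_expected.to be_allowed_for(:maintainer).of(project) }
    it { is_expected.to be_allowed_for(:developer).of(project) }
    it { is_expected.to be_allowed_for(:reporter).of(project) }
    it { is_expected.to be_denied_for(:guest).of(project) }
    it { is_expected.to be_denied_for(:user) }
    it { is_expected.to be_denied_for(:external) }
    it { is_expected.to be_denied_for(:visitor) }
  end
end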